#!/bin/bash
#
# Run this script LOCALLY before any other script, run by typing ./serviceprincipal.sh
# To view the available roles, see https://docs.microsoft.com/azure/active-directory/role-based-access-built-in-roles . The recommended default is Contributor, which can manage everything except access.
# Read User Input to capture variables
echo "This script will create a Service Principal (SPN) for Azure."
echo
echo "Enter a name for your SPN and press [ENTER]: "
read name
echo "The name you entered is $name."
echo "Enter a password for your SPN and press [ENTER]: "
read -s password
echo "Enter a role for your SPN and press [ENTER]. The default role suggested is Contributor: "
read role
echo "The role you entered is $role."
echo
echo "Thank you for your input. Now proceeding with SPN creation..."
# Login - Complete this process using a browser
if az account show &>/dev/null; then
echo "You are already logged in to Azure..."
else
echo "Logging into Azure..."
az login
echo "Successfully logged into Azure..."
fi
# Function for create_spn
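#######################################
# Create the Service Principal and persist its details.
# Globals:   name, password, role (read); tenant, spn (written)
# Arguments: none
# Outputs:   progress on stdout, errors on stderr; writes ./azure.env and
#            appends export lines to ~/.bashrc
# Returns:   0 on success, 1 if az/jq fails or a file cannot be written
#######################################
create_spn () {
  echo
  echo "Creating your SPN now..."
  # Capture tenant ID; an empty or null value means the account lookup failed.
  tenant=$(az account show | jq -r '.tenantId') || return 1
  if [ -z "$tenant" ] || [ "$tenant" = "null" ]; then
    echo "Could not determine the tenant ID from 'az account show'." >&2
    return 1
  fi
  # Begin AD Service Principal Creation. Every user-supplied value is quoted so
  # a name, password or role containing spaces or glob characters reaches az as
  # one argument. A failed creation aborts before anything is echoed or saved.
  # NOTE(review): recent Azure CLI releases may reject --password on
  # create-for-rbac (the CLI then generates the secret itself); confirm against
  # the installed version.
  if ! az ad sp create-for-rbac \
      -n "$name" \
      --password "$password" \
      --role "$role" \
      --verbose; then
    echo "Service Principal creation failed; no details were saved." >&2
    return 1
  fi
  # Output service principal. The password is deliberately not echoed to the
  # terminal (scrollback, shared screens); it is written to azure.env below.
  spn=http://$name
  echo "Successfully created Service Principal."
  echo
  echo "SPN Details:"
  echo "spn=$spn"
  echo "password=<not shown>"
  echo "tenant=$tenant"
  echo
  # Copy service principal to environment variables file. The file holds a
  # credential, so it is created owner read/write only; the chmod also covers a
  # pre-existing azure.env whose mode umask alone would not change.
  echo "Saving details to local env file in $(pwd)..."
  if ! ( umask 077 && printf 'spn=%s\npassword=%s\ntenant=%s\n' "$spn" "$password" "$tenant" > azure.env ); then
    echo "Could not write azure.env." >&2
    return 1
  fi
  chmod 600 azure.env
  echo "azure.env created successfully..."
  echo
  # If previous SPN variables exist in ~/.bashrc, remove them but save a .bak
  # file. Patterns are anchored to the assignment itself so unrelated lines that
  # merely mention "spn", "password" or "tenant" are left alone. -i.bak (no
  # space) is the suffix form both GNU and BSD sed accept; "-i .bak" makes GNU
  # sed look for an input file named .bak.
  if [ -f ~/.bashrc ]; then
    sed -E -i.bak -e '/^(export )?(spn|password|tenant)=/d' ~/.bashrc || return 1
  fi
  # Export environment variables from this script. printf %q shell-quotes the
  # values so a password with spaces or metacharacters does not break
  # ~/.bashrc, and "export" makes them visible to tools started from the shell.
  # NOTE: ~/.bashrc is often readable by other local users; sourcing azure.env
  # (mode 600) from it is the safer long-term place for the secret.
  echo "Exporting environment variables to ~/.bashrc..."
  {
    printf 'export spn=%q\n' "$spn"
    printf 'export password=%q\n' "$password"
    printf 'export tenant=%q\n' "$tenant"
  } >> ~/.bashrc || return 1
  echo "Exporting environment variables complete..."
  echo
  echo "Environment variables created..."
  echo "Environment variable for your SPN '$spn' successfully created"
  echo "Environment variable for your Password successfully created (value not shown)"
  echo "Environment variable for your Tenant ID '$tenant' successfully created"
  echo
}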
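# Azure Subscription Selection
# Check for multiple subscriptions
echo "Checking Azure subscription count..."
# Fetch the subscription list ONCE and keep ids and names in two arrays that
# share an index: the menu number then maps to the same subscription it was
# generated from (repeated "az account list" calls could differ in order), and
# setting by id avoids ambiguity between identically named subscriptions.
# The read loops (rather than mapfile) keep this working on bash 3.x.
account_json=$(az account list) || { echo "Could not list Azure subscriptions." >&2; exit 1; }
sub_ids=()
sub_names=()
while IFS= read -r line; do sub_ids+=("$line"); done < <(printf '%s' "$account_json" | jq -r '.[] | .id')
while IFS= read -r line; do sub_names+=("$line"); done < <(printf '%s' "$account_json" | jq -r '.[] | .name')
arrsize=${#sub_ids[@]}
if [ "$arrsize" -eq 0 ]; then
  echo "No Azure subscriptions found for this account." >&2
  exit 1
elif [ "$arrsize" -eq 1 ]; then
  echo "You only have one subscription. Your SPN will be created in ${sub_names[0]}"
  create_spn
  # propagate create_spn's status instead of always reporting success
  exit $?
fi
# Multiple subscriptions found, begin selection option.
echo "Multiple subscriptions found!"
echo "You have $arrsize available Azure subscriptions. Please select which subscription you would wish to create an SPN for:"
echo
# Begin Subscription Menu
echo "============================================="
echo " Azure Subscription Menu "
echo
### display our subscription list, numbered by array index.
for i in "${!sub_names[@]}"; do
  echo " $i) ${sub_names[$i]}"
done
echo
echo " e) Exit This Tool "
echo "============================================="
echo
# Menu selection loop; every path out of it is an explicit exit.
while true; do
  read -r -p "Please make a selection and press [ENTER]: " menu_choice
  case "$menu_choice" in
    e|E)
      exit 0
      ;;
    ''|*[!0-9]*)
      # empty or not purely numeric
      echo; echo
      echo "Invalid selection: $menu_choice"
      echo; echo
      ;;
    *)
      # 10# forces decimal so a leading zero is not read as octal; the bounds
      # check rejects numbers the menu never offered instead of passing "null"
      # from jq to az.
      idx=$((10#$menu_choice))
      if (( idx >= arrsize )); then
        echo "Invalid selection: $menu_choice (choose 0-$((arrsize - 1)) or e)" >&2
        continue
      fi
      if az account set --subscription "${sub_ids[$idx]}"; then
        echo
        echo "Successfully set your subscription to ${sub_names[$idx]}"
        create_spn
        exit $?
      else
        echo "Could not set your subscription. Please check your entry and try again." >&2
      fi
      ;;
  esac
done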